05-24-2016 03:36 AM - edited 03-12-2019 06:01 AM
Hi guys,
We are using Sourcefire FireSIGHT for IDS purposes. Someone has created a few rules which are capturing heavy traffic. I would like to know how to get information about the rule creator.
Appreciate your help.
Thanks,
Regards,
Jay
05-25-2016 04:45 AM
Hi Jay,
You can check the local rules that are created under Policy->Intrusion policy->rule editor, and you can either disable or enable them as per your requirement.
Also, regarding writing optimized Snort rules, you can refer to the document below:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node27.html
Rate if it helps.
Thanks,
Ankita
05-25-2016 05:03 AM
Hi Ankita,
Thanks for your great help. Actually, I would also like to know: if anyone has created a rule or made any modification, can we track that, or is there any way to get that audit information?
Kind regards,
Jay